Interview: The low down on cloud security and how to stay secure

Security and the cloud are both key topics in the world of technology at the moment - along with areas such as BYOD and the Internet of Things - so if you put the two together, you've got double the power.

We recently had the chance to speak to Charles Sweeney, CEO of content filtering and security company Bloxx, about its new Tru-View cloud technology, data breaches and the main issues in cloud security.

The full interview can be found below.

  1. To start off, give us a bit of background about Bloxx as a company

Bloxx was established in 1999 to address a gap in the market for real-time contextual content analysis. We were the first to achieve this with our Tru-View Technology (TVT).

Tru-View provides advanced content analysis and categorisation at the point of request, without using the normal method of searching through a database for approved sites and content. This meant that we could offer a latency-free solution that doesn’t over or under block sites – either new or modified pages being included - all within real-time.

We have offices in the UK, US and Europe and a global network of partners that has enabled us to build a strong presence in the IT Channel and create key Distribution and OEM relationships. Our multiple deployment options allow us to deliver hardware, virtual, cloud and hybrid solutions - as well as bespoke solutions for Managed Security Service Providers (MSSP).

This has allowed us to work across both the public and private sectors and create safe, mobile and collaborative working and learning environments for over seven million people.

  1. Tell us about your Tru-View Cloud technology

We feel cloud is now a when - not if - investment, meaning security teams are more proactively having to get their own house in order and understand what security-as-a-service looks like. Without question a hybrid model will be the preferred choice as it provides the assurances of an on-premise model, combined with all the advantages of the cloud.

Tru-View Cloud has been built on this basis. It allows organisations to set the same robust policies and filtering for mobile workers and additional locations, whilst still benefitting from central management without the need for further hardware. By combining our on-premise hardware or virtual web filtering appliances with cloud filtering, Tru-View Cloud delivers real-time web filtering that minimises risk whilst increasing user and network protection in a cloud environment.

The system retains all the features of the Tru-View hardware as well as additional features such as Acceptable Use Policy (AUP) Management to simplify compliance, Single Sign On for BYOD users and enhanced Cookie Authentication – all of which can be managed from the cloud and applied across multiple locations.

  1. You were at InfoSec earlier in the month, what were some of the key themes/trends that emerged?

There is a very definite shift this year in the type of products that were being offered at the show. Wherein the past companies’ would offer specialist, specific areas of IT security, it seems much more popular to offer all-encompassing packages. Although this does aid people looking to sort out their entire IT solution in one fell swoop, end users looking for a deeper level of customisation and tailoring don’t seem to be as catered for this year.

Another obvious trend is the move towards cloud and hybrid cloud technologies. I think this coincides with the changing way that IT is used within the workplace, and the subsequent change in how we protect ourselves while using it. Workforces are becoming increasingly mobile and work across a range of devices (both work-operated and BYOD), which means that security needs to be flexible and able to handle different devices in different locations easily. From shared documents and storage to security, I think it is this change in how tech is used that has driven the move towards cloud.

[full_width_ad]

  1. What are the main issues companies are coming up against with regards to cloud security?

There is often a reluctance from companies to outsource their security and data storage, with the sense of disconnect between them and where their data is being stored often making them a little uncomfortable. When companies hear about instances such as the Apple iCloud hack, there is a perception that the cloud doesn’t have the same level of robust protection that a more conventional storage and security system would.

It is a case of companies having issues because they haven’t fully understood the levels of security practise that need to be implemented with a cloud solution, or how their organisation needs to change as a whole to take full advantage of cloud tech.

  1. Why have in-house security teams been slower on the uptake of cloud?

This leads on rather well from the previous question. In an age where hacks and breaches are seemingly never out of the news, security has become an area of business that is under a lot of scrutiny. Therefore, as I mentioned beforehand, security teams like to have their solutions as a viewable, tangible object such as hardware – keeping it in sight.

However, with the move towards a decentralised business becoming ever more popular security teams need to move forward and embrace the cloud and the benefits that this can offer to a more mobile workforce. By combining centralised hardware with cloud protection for office branches and mobile users, a hybrid model moves security into the cloud whilst still offering the re-assurance in-house teams are looking for.

  1. Data breaches seem to be in the news on an almost daily basis at the moment. How can companies stop this from happening to them?

Data breaches and attacks from hackers are a complicated business. There is never one specific reason as to why a loss of information occurs, but rather a mixture between human error and protocol is often at fault.

Companies need to ensure that they take a “360 degree view” when policy setting, taking into consideration ideas like compartmentalising information, safeguarding against human error and account management across different devices (one example being looking at your emails on a tablet over the weekend, on a phone during your commute and then on a PC or laptop when in the office) to minimise the chance of a breach.

Prioritising what needs protecting the most is also a strong preventative tactic. Rather than spread your security budget thinly across your entire organisation, ensure that the most vital information – and just as importantly the information that can lead hackers to vital information – is the most carefully protected.

Time frames are also very important with data loss; it can take a matter of seconds for an attacker to gain the information they need and disappear again. Having a solution, such as our web filtering system, which works in real-time, can ensure you shut the door in an attacker’s face before they have time to cause any damage to your organisation.

  1. What tips would you offer businesses that are worried about cloud security?

If businesses are concerned about cloud security and how to implement it, there is a key three step process they can follow to mitigate risk and make sure the move to the technology is a success. Firstly, companies need to understand what the security practices from their cloud solution provider are. By having a good understanding of this they will be able to monitor and respond to issues in a way that align with the security provider, speeding up the process.

Secondly, companies should know how often these security practises are tested, and who needs to take ownership of this. Making sure that these security practises are well drilled and owned by the right individuals means that if a real data breach occurs, the process is streamlined and people know their responsibilities.

Lastly, a company needs to take into account the internal changes that need to take place when the cloud is used as part of the IT infrastructure. The storing of documents, where confidential data needs to reside, who has access and how they need to go about this; all these are changes that may affect your company. If not given the due care and attention they need these changes can easily become vulnerabilities, rather than a positive change for your business.

The bottom line is understand the cloud and how it is implemented, and it can elevate your business’s security to new levels of speed, coverage and safety.